Published: 09/05/2023 Updated: 25/01/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote malicious user to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the malicious user to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco staros
cisco staros 21.23.n
cisco staros 21.24
cisco staros 21.27.m
cisco staros 21.28.m

A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device This vulnerability is due to insufficient validation of user-supplied credentials An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to a ...

CWE-522 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h https://nvd.nist.gov https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-20046

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect